Security

For Foursquare Users

If you have a question about privacy or need to report abusive behavior, please submit a support request to our support team.

For Professional Security Researchers

If you are a security researcher and you believe you have discovered a vulnerability on Foursquare, please email us at security@foursquare.com. We treat all security reports as urgent and we’ll acknowledge that we have received your report as soon as we can. In the unlikely event that you don’t hear back from us within 24 hours, ping us again either by email or on twitter. After we’ve received your report we will work with you to investigate the issue and resolve it as soon as possible.

We have a few guidelines we need researchers to follow when looking for vulnerabilities. Respect our user’s privacy. You may not access or modify user data without our permission. Do not employ denial-of-service attacks against Foursquare, and attempt to avoid degrading our quality of service. After reporting a vulnerability, we ask that you allow us a reasonable period of time to investigate and fix the issue before you disclose it publicly.

The Foursquare website, including localized subdomains such as ru.foursquare.com, and the Foursquare API, are in scope for security reports. The sites blog.foursquare.com and engineering.foursquare.com are hosted by WP Engine. Any security issues found on these sites should be reported to WP Engine using their contact page. The site support.foursquare.com is hosted by Zendesk, and security issues with support.foursquare.com should be reported to Zendesk using their security page. The site business.foursquare.com is hosted by Squarespace, and issue should be reported through the their contact page. The site translate.foursquare.com/ is operated by Smartling, and issues should be reported using their contact page.

Hall of Fame

We would like to offer our thanks to the following researchers who have helped us make Foursquare more secure.